package csu.jpetstore.jpetstore.controller;

import com.sun.istack.NotNull;
import csu.jpetstore.jpetstore.domain.UserAuths;
import csu.jpetstore.jpetstore.domain.Users;
import csu.jpetstore.jpetstore.dto.UserDTO;
import csu.jpetstore.jpetstore.dto.UserSignUpDTO;
import csu.jpetstore.jpetstore.result.Result;
import csu.jpetstore.jpetstore.result.ResultFactory;
import csu.jpetstore.jpetstore.service.AdminUserRoleService;
import csu.jpetstore.jpetstore.service.NormalUsersService;
import csu.jpetstore.jpetstore.service.AdminRoleService;
import csu.jpetstore.jpetstore.service.UserAuthsService;
import csu.jpetstore.jpetstore.utils.Utils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.util.HtmlUtils;


import java.util.Date;
@CrossOrigin
@RestController
@RequestMapping(value = "/api")
public class UserController {
    @Autowired
    NormalUsersService usersService;
    @Autowired
    UserAuthsService userAuthsService;
    @Autowired
    AdminRoleService adminRoleService;
    @Autowired
    AdminUserRoleService adminUserRoleService;

    @RequiresAuthentication
    @RequestMapping(value = "/users",method = RequestMethod.GET)
    public Result getUsers(){
        Subject user = SecurityUtils.getSubject();
        String userId = user.getPrincipal().toString();
        UserAuths userAuths = userAuthsService.getByUser(usersService.findByUserId(userId));
        userAuths.setPassword("");
        userAuths.setSalt("");
        return ResultFactory.getSuccess("成功获得当前用户",userAuths);
    }


    @RequestMapping(value = "/very/{userId}",method = RequestMethod.GET)
    public Result verification(@PathVariable("userId")String userId){
        return ResultFactory.getSuccess("success",null);
    }

    @RequestMapping(value = "/users",method = RequestMethod.POST)
    public Result updateUser(@RequestBody UserSignUpDTO userSignUp){
        @NotNull String username = userSignUp.getUsername();
        username= HtmlUtils.htmlEscape(username);
        boolean isExist = userAuthsService.isUsernameExist(username);
        if (isExist)
            return ResultFactory.getFail("used",null);
        @NotNull String password = userSignUp.getPassword();
        UserAuths newUser = new UserAuths();
        Users user = new Users();
        String userId = Utils.generateString(64);
        while (usersService.isUserIdExist(userId))
            userId = Utils.generateString(64);
        user.setId(userId);
        newUser.setUsername(username);
        user.setRegisterIp("0.0.0.0");
        user.setRegisterTime(new Date());
        user.setNickname(userSignUp.getNickname());
        user.setEmail(userSignUp.getEmail());
        user.setAvatar(userSignUp.getAvatar());
        newUser.setUser(user);

        String status = "unverified"; //待验证，需要通过验证才能继续

        newUser.setStatus(status);
        String salt = Utils.generateString(64);
        newUser.setSalt(salt);
        String encodePassword = new SimpleHash("md5", password, salt, 4).toString();
        newUser.setPassword(encodePassword);
        //权限加载
        userAuthsService.add(newUser);
        adminUserRoleService.createNormalUser(userId);
        return ResultFactory.getSuccess("success",userId);
    }

    @RequiresAuthentication
    @RequiresRoles({"admin","root"})
    @RequestMapping(value = "/users",method = RequestMethod.DELETE)
    public Result deleteUser(@RequestBody UserDTO userDTO){
        return null;
    }
}
